summaryrefslogtreecommitdiff
path: root/astroshop-platform/argocd-helmchart/templates/crds/crd-project.yaml
diff options
context:
space:
mode:
authorSaumit <justsaumit@protonmail.com>2025-10-11 02:34:38 +0530
committerSaumit <justsaumit@protonmail.com>2025-10-11 02:34:38 +0530
commit88a326bacdffde9e065b08ba893a17149584e72e (patch)
tree20e380438497afb8c4b33a932505602590721690 /astroshop-platform/argocd-helmchart/templates/crds/crd-project.yaml
parentef773bd27019ec6597bd12237e3b4f4f0f46f244 (diff)
platform: Adding argocd helm chart
Diffstat (limited to 'astroshop-platform/argocd-helmchart/templates/crds/crd-project.yaml')
-rw-r--r--astroshop-platform/argocd-helmchart/templates/crds/crd-project.yaml379
1 files changed, 379 insertions, 0 deletions
diff --git a/astroshop-platform/argocd-helmchart/templates/crds/crd-project.yaml b/astroshop-platform/argocd-helmchart/templates/crds/crd-project.yaml
new file mode 100644
index 0000000..7e50234
--- /dev/null
+++ b/astroshop-platform/argocd-helmchart/templates/crds/crd-project.yaml
@@ -0,0 +1,379 @@
+{{- if .Values.crds.install }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ {{- if .Values.crds.keep }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+ {{- with .Values.crds.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/name: appprojects.argoproj.io
+ app.kubernetes.io/part-of: argocd
+ {{- with .Values.crds.additionalLabels }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ name: appprojects.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: AppProject
+ listKind: AppProjectList
+ plural: appprojects
+ shortNames:
+ - appproj
+ - appprojs
+ singular: appproject
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ AppProject provides a logical grouping of applications, providing controls for:
+ * where the apps may deploy to (cluster whitelist)
+ * what may be deployed (repository whitelist, resource whitelist/blacklist)
+ * who can access these applications (roles, OIDC group claims bindings)
+ * and what they can do (RBAC policies)
+ * automation access to these roles (JWT tokens)
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AppProjectSpec is the specification of an AppProject
+ properties:
+ clusterResourceBlacklist:
+ description: ClusterResourceBlacklist contains list of blacklisted
+ cluster level resources
+ items:
+ description: |-
+ GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
+ concepts during lookup stages without having partially valid types
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ required:
+ - group
+ - kind
+ type: object
+ type: array
+ clusterResourceWhitelist:
+ description: ClusterResourceWhitelist contains list of whitelisted
+ cluster level resources
+ items:
+ description: |-
+ GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
+ concepts during lookup stages without having partially valid types
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ required:
+ - group
+ - kind
+ type: object
+ type: array
+ description:
+ description: Description contains optional project description
+ maxLength: 255
+ type: string
+ destinationServiceAccounts:
+ description: DestinationServiceAccounts holds information about the
+ service accounts to be impersonated for the application sync operation
+ for each destination.
+ items:
+ description: ApplicationDestinationServiceAccount holds information
+ about the service account to be impersonated for the application
+ sync operation.
+ properties:
+ defaultServiceAccount:
+ description: DefaultServiceAccount to be used for impersonation
+ during the sync operation
+ type: string
+ namespace:
+ description: Namespace specifies the target namespace for the
+ application's resources.
+ type: string
+ server:
+ description: Server specifies the URL of the target cluster's
+ Kubernetes control plane API.
+ type: string
+ required:
+ - defaultServiceAccount
+ - server
+ type: object
+ type: array
+ destinations:
+ description: Destinations contains list of destinations available
+ for deployment
+ items:
+ description: ApplicationDestination holds information about the
+ application's destination
+ properties:
+ name:
+ description: Name is an alternate way of specifying the target
+ cluster by its symbolic name. This must be set if Server is
+ not set.
+ type: string
+ namespace:
+ description: |-
+ Namespace specifies the target namespace for the application's resources.
+ The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
+ type: string
+ server:
+ description: Server specifies the URL of the target cluster's
+ Kubernetes control plane API. This must be set if Name is
+ not set.
+ type: string
+ type: object
+ type: array
+ namespaceResourceBlacklist:
+ description: NamespaceResourceBlacklist contains list of blacklisted
+ namespace level resources
+ items:
+ description: |-
+ GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
+ concepts during lookup stages without having partially valid types
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ required:
+ - group
+ - kind
+ type: object
+ type: array
+ namespaceResourceWhitelist:
+ description: NamespaceResourceWhitelist contains list of whitelisted
+ namespace level resources
+ items:
+ description: |-
+ GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
+ concepts during lookup stages without having partially valid types
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ required:
+ - group
+ - kind
+ type: object
+ type: array
+ orphanedResources:
+ description: OrphanedResources specifies if controller should monitor
+ orphaned resources of apps in this project
+ properties:
+ ignore:
+ description: Ignore contains a list of resources that are to be
+ excluded from orphaned resources monitoring
+ items:
+ description: OrphanedResourceKey is a reference to a resource
+ to be ignored from
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ type: object
+ type: array
+ warn:
+ description: Warn indicates if warning condition should be created
+ for apps which have orphaned resources
+ type: boolean
+ type: object
+ permitOnlyProjectScopedClusters:
+ description: PermitOnlyProjectScopedClusters determines whether destinations
+ can only reference clusters which are project-scoped
+ type: boolean
+ roles:
+ description: Roles are user defined RBAC roles associated with this
+ project
+ items:
+ description: ProjectRole represents a role that has access to a
+ project
+ properties:
+ description:
+ description: Description is a description of the role
+ type: string
+ groups:
+ description: Groups are a list of OIDC group claims bound to
+ this role
+ items:
+ type: string
+ type: array
+ jwtTokens:
+ description: JWTTokens are a list of generated JWT tokens bound
+ to this role
+ items:
+ description: JWTToken holds the issuedAt and expiresAt values
+ of a token
+ properties:
+ exp:
+ format: int64
+ type: integer
+ iat:
+ format: int64
+ type: integer
+ id:
+ type: string
+ required:
+ - iat
+ type: object
+ type: array
+ name:
+ description: Name is a name for this role
+ type: string
+ policies:
+ description: Policies Stores a list of casbin formatted strings
+ that define access policies for the role in the project
+ items:
+ type: string
+ type: array
+ required:
+ - name
+ type: object
+ type: array
+ signatureKeys:
+ description: SignatureKeys contains a list of PGP key IDs that commits
+ in Git must be signed with in order to be allowed for sync
+ items:
+ description: SignatureKey is the specification of a key required
+ to verify commit signatures with
+ properties:
+ keyID:
+ description: The ID of the key in hexadecimal notation
+ type: string
+ required:
+ - keyID
+ type: object
+ type: array
+ sourceNamespaces:
+ description: SourceNamespaces defines the namespaces application resources
+ are allowed to be created in
+ items:
+ type: string
+ type: array
+ sourceRepos:
+ description: SourceRepos contains list of repository URLs which can
+ be used for deployment
+ items:
+ type: string
+ type: array
+ syncWindows:
+ description: SyncWindows controls when syncs can be run for apps in
+ this project
+ items:
+ description: SyncWindow contains the kind, time, duration and attributes
+ that are used to assign the syncWindows to apps
+ properties:
+ andOperator:
+ description: UseAndOperator use AND operator for matching applications,
+ namespaces and clusters instead of the default OR operator
+ type: boolean
+ applications:
+ description: Applications contains a list of applications that
+ the window will apply to
+ items:
+ type: string
+ type: array
+ clusters:
+ description: Clusters contains a list of clusters that the window
+ will apply to
+ items:
+ type: string
+ type: array
+ description:
+ description: Description of the sync that will be applied to
+ the schedule, can be used to add any information such as a
+ ticket number for example
+ type: string
+ duration:
+ description: Duration is the amount of time the sync window
+ will be open
+ type: string
+ kind:
+ description: Kind defines if the window allows or blocks syncs
+ type: string
+ manualSync:
+ description: ManualSync enables manual syncs when they would
+ otherwise be blocked
+ type: boolean
+ namespaces:
+ description: Namespaces contains a list of namespaces that the
+ window will apply to
+ items:
+ type: string
+ type: array
+ schedule:
+ description: Schedule is the time the window will begin, specified
+ in cron format
+ type: string
+ timeZone:
+ description: TimeZone of the sync that will be applied to the
+ schedule
+ type: string
+ type: object
+ type: array
+ type: object
+ status:
+ description: AppProjectStatus contains status information for AppProject
+ CRs
+ properties:
+ jwtTokensByRole:
+ additionalProperties:
+ description: JWTTokens represents a list of JWT tokens
+ properties:
+ items:
+ items:
+ description: JWTToken holds the issuedAt and expiresAt values
+ of a token
+ properties:
+ exp:
+ format: int64
+ type: integer
+ iat:
+ format: int64
+ type: integer
+ id:
+ type: string
+ required:
+ - iat
+ type: object
+ type: array
+ type: object
+ description: JWTTokensByRole contains a list of JWT tokens issued
+ for a given role
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+{{- end }}
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-26 13:47:49 +0000